HTTPSignatureAuthenticationFilter

author: Vitaly Takmazov 2018-12-20 09:41:32 +0300
committer: Vitaly Takmazov 2019-01-16 16:39:21 +0300
commit: 809ef60e18bb8ab7c95db93b7777f3c0ffb30872 (patch)
tree: e3d1529ff1c1a2026118a2b856c6366b6b6ea2ef /src/test
parent: 1aea2345966f5026d064a44baaa82bb2d958eb8f (diff)
5 files changed, 129 insertions, 7 deletions
diff --git a/src/test/java/com/juick/server/configuration/TestActivityConfiguration.java b/src/test/java/com/juick/server/configuration/TestActivityConfiguration.java
new file mode 100644
index 00000000..5daf4900
--- /dev/null
+++ b/src/test/java/com/juick/server/configuration/TestActivityConfiguration.java
@@ -0,0 +1,19 @@
+package com.juick.server.configuration;
+
+import com.juick.server.KeystoreManager;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+
+import java.io.IOException;
+
+@Configuration
+public class TestActivityConfiguration {
+    @Value("classpath:test.p12")
+    Resource keystoreFile;
+    @Bean
+    public KeystoreManager testKeystoreManager() throws IOException {
+        return new KeystoreManager(keystoreFile.getFile().getAbsolutePath(), "secret");
+    }
+}
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index fa2e2ce9..fedbaba0 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -65,10 +65,13 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMock
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
 import org.springframework.http.*;
+import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.client.MockRestServiceServer;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@@ -76,6 +79,7 @@ import org.springframework.util.DigestUtils;
 import org.springframework.util.FileSystemUtils;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.w3c.dom.Document;
@@ -118,6 +122,9 @@ import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.*;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.test.web.client.ExpectedCount.times;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
+import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
@@ -130,9 +137,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @TestPropertySource(properties = {
         "broken_ssl_hosts=localhost,serverstorageisfull.tld",
         "ios_app_id=12345678.com.juick.ExampleApp",
-        "xmppbot_jid=juick@localhost/Juick",
-        "hostname=localhost",
-        "componentname=localhost",
         "spring.jackson.default-property-inclusion=non_default"
 })
 @AutoConfigureMockMvc
@@ -174,10 +178,6 @@ public class ServerTests {
     private ServerManager serverManager;
     @Inject
     private KeystoreManager keystoreManager;
-    @Value("${hostname:localhost}")
-    private Jid jid;
-    @Value("${xmppbot_jid:juick@localhost}")
-    private Jid botJid;
     @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
     private String tmpDir;
     @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
@@ -192,6 +192,18 @@ public class ServerTests {
     private ActivityPubManager activityPubManager;
     @Inject
     private WebApp webApp;
+    @Inject
+    private RestTemplate apClient;
+
+    @Value("classpath:mocks/activity/testuser.json")
+    private Resource testuserResponse;
+    @Value("classpath:mocks/activity/testfollow.json")
+    private Resource testfollowRequest;
+
+    @Inject
+    private KeystoreManager testKeystoreManager;
+
+    private MockRestServiceServer restServiceServer;
 
     private static User ugnich, freefd, juick;
     static String ugnichName, ugnichPassword, freefdName, freefdPassword, juickName, juickPassword;
@@ -1699,6 +1711,55 @@ public class ServerTests {
         signatureManager.post(from, to, follow);
     }
     @Test
+    public void serviceSignatureAuth() throws Exception {
+        String meUri = "/api/me";
+        String testHost = "localhost:8080";
+        Person ugnichPerson = (Person) signatureManager.discoverPerson("ugnich@localhost:8080").get();
+        Instant now = Instant.now();
+        String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
+        String signatureString = signatureManager.addSignature(ugnichPerson, testHost, "GET", meUri, requestDate);
+        MvcResult me = mockMvc.perform(get("/api/me")
+                .header("Host", testHost)
+                .header("Date", requestDate)
+                .header("Signature", signatureString))
+                .andExpect(status().isOk())
+                .andReturn();
+        User meUser = jsonMapper.readValue(me.getResponse().getContentAsString(), User.class);
+        assertThat(meUser, is(ugnich));
+        String testuserResponseString = IOUtils.toString(testuserResponse.getInputStream(), StandardCharsets.UTF_8);
+        ClientHttpRequestFactory originalRequestFactory = apClient.getRequestFactory();
+        restServiceServer = MockRestServiceServer.bindTo(apClient).build();
+        URI testuserUri = URI.create("https://example.com/u/testuser");
+        URI testuserkeyUri = URI.create("https://example.com/u/testuser#main-key");
+        restServiceServer.expect(times(3), requestTo(testuserUri))
+                .andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON_UTF8));
+        restServiceServer.expect(times(3), requestTo(testuserkeyUri))
+                .andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON_UTF8));
+        Person testuser = (Person)signatureManager.getContext(testuserUri).get();
+        Assert.assertThat(testuser.getPublicKey().getPublicKeyPem(), is(testKeystoreManager.getPublicKeyPem()));
+        Instant now2 = Instant.now();
+        String testRequestDate = DateFormattersHolder.getHttpDateFormatter().format(now2);
+        String inboxUri = "/api/inbox";
+        String testSignatureString =
+                signatureManager.addSignature(testuser, testHost, "POST",
+                        inboxUri, testRequestDate, testKeystoreManager);
+        mockMvc.perform(post(inboxUri)
+                .header("Host", testHost)
+                .header("Date", testRequestDate)
+                .header("Signature", testSignatureString)
+                .contentType(Context.LD_JSON_MEDIA_TYPE)
+                .content(IOUtils.toByteArray(testfollowRequest.getInputStream())))
+                .andExpect(status().isAccepted());
+        mockMvc.perform(post(inboxUri)
+                .header("Host", "wronghost")
+                .header("Date", testRequestDate)
+                .header("Signature", testSignatureString)
+                .contentType(Context.LD_JSON_MEDIA_TYPE)
+                .content(IOUtils.toByteArray(testfollowRequest.getInputStream())))
+                .andExpect(status().isUnauthorized());
+        apClient.setRequestFactory(originalRequestFactory);
+    }
+    @Test
     public void hostmeta() throws Exception {
         MvcResult result = mockMvc.perform(get("/.well-known/host-meta"))
                 .andExpect(status().isOk()).andReturn();
diff --git a/src/test/resources/mocks/activity/testfollow.json b/src/test/resources/mocks/activity/testfollow.json
new file mode 100644
index 00000000..e308e52e
--- /dev/null
+++ b/src/test/resources/mocks/activity/testfollow.json
@@ -0,0 +1,15 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1",
+    {
+      "schema": "http://schema.org#",
+      "PropertyValue": "schema:PropertyValue",
+      "value": "schema:value"
+    }
+  ],
+  "id": "https://example.com/12345678",
+  "type": "Follow",
+  "actor": "https://example.com/u/testuser",
+  "object": "http://localhost:8080/u/ugnich"
+}
+\ No newline at end of file
diff --git a/src/test/resources/mocks/activity/testuser.json b/src/test/resources/mocks/activity/testuser.json
new file mode 100644
index 00000000..95fc2aa9
--- /dev/null
+++ b/src/test/resources/mocks/activity/testuser.json
@@ -0,0 +1,27 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1",
+    {
+      "schema": "http://schema.org#",
+      "PropertyValue": "schema:PropertyValue",
+      "value": "schema:value"
+    }
+  ],
+  "id": "https://example.com/u/testuser",
+  "type": "Person",
+  "following": "https://example.com/u/testuser/following",
+  "followers": "https://example.com/u/testuser/followers",
+  "inbox": "https://example.com/u/testuser/inbox",
+  "outbox": "https://example.com/u/testuser/outbox",
+  "preferredUsername": "testuser",
+  "url": "https://example.com/@testuser",
+  "publicKey": {
+    "id": "https://example.com/u/testuser#main-key",
+    "owner": "https://example.com/u/testuser",
+    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHKRdKFFeT4P/MVlNbxC\nbbgXOkEdeQzvJB/wAJgSYbUwm9SzNFzttePQXk3/MWoK2awWUInZTduVHsWt8zU7\nO3d9PAW6YH6L1oDkjgMLAb9aUWV2ClQWMwsn88WKK9Rb1WOmd8BrXjPfmeFK2ypQ\n9eg8aKpH36WAXiiaTDfBupBZ0Ki2+E87BrWxpbUeDC1dkV+zbl8BMm7X0rp+reoC\nYUWMcjQMzhMmQOXUd4zwJIDPZDMdF4beq/y6WPSUTVgjs4kPDS1HT60ATnsUqyPE\n6tuGxG4j0msb4TTre87PKxMU5YPOxSiqNL0O/3u9/2shVPpjDa/uy9W+VaeBHbFm\nSQIDAQAB\n-----END PUBLIC KEY-----\n"
+  },
+  "endpoints": {
+    "sharedInbox": "https://example.com/inbox"
+  }
+}
+\ No newline at end of file
diff --git a/src/test/resources/test.p12 b/src/test/resources/test.p12
new file mode 100644
index 00000000..7f7457eb
--- /dev/null
+++ b/src/test/resources/test.p12
author	Vitaly Takmazov	2018-12-20 09:41:32 +0300
committer	Vitaly Takmazov	2019-01-16 16:39:21 +0300
commit	809ef60e18bb8ab7c95db93b7777f3c0ffb30872 (patch)
tree	e3d1529ff1c1a2026118a2b856c6366b6b6ea2ef /src/test
parent	1aea2345966f5026d064a44baaa82bb2d958eb8f (diff)